i ran combofix and internet does not work.
sys. restore not work
ie7 not work
need help to undo combofix changes and get me back where i started

thanks

Who told you to run combofix? ComboFix is not a general purpose cleaning tool and should not be as such. ComboFix should only be used when asked by someone experienced in the use of this tool. Using this tool without supervision can cause problems with your computer, as you have now found.
Did you try rebooting your computer? What operating system do you have? Why did you run combofix?
How do you connect to the internet?

You also have two threads started with this same problem.
http://www.daniweb.com/forums/thread163773.html
You should stick with this one now. I know it can be frustrating to wait for an answer but everyone volunteers here and normally folks get an answer as quickly as possible. Everyone also has to take into account that the volunteers are from all over the world and time zones can make a difference when waiting for replies.

found combofix and ran without help bad mistake
i am running windows xp.
pc will boot up nd come on i have no internet no ie7 explorer and sys restore does not have any restore points.
is there any way to undo all or most changes from combofix

How are you connected to the internet?
You can try this:
You can try this and see if your internet connection is repaired:
*Click on the Start button.
* Click on the Settings menu option.
* Click on the Control Panel option.
* When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
# You will now see a list of available network connections. Find the correct one and Right Click and then click on the Repair menu option.
Do you have the log created by combofix? Did you install the Recovery Console with combofix?

How are you connected to the internet?
You can try this:
You can try this and see if your internet connection is repaired:
*Click on the Start button.
* Click on the Settings menu option.
* Click on the Control Panel option.
* When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
# You will now see a list of available network connections. Find the correct one and Right Click and then click on the Repair menu option.
Do you have the log created by combofix? Did you install the Recovery Console with combofix?

i am currently not connected to internet i'm on another pc
when i go to control panel network connection is empty.
i have combo fix log .
did not install recovery console with combofix already had it installed

Do you have your XP CD?

no do not have that with me

You would need that disk I believe to run the Recovery Console.

You would need that disk I believe to run the Recovery Console.

i already had recovery console installed and i can get to it
do i need to send you combofix.txt file

looking at hijack this log just about everything for windows is listed as unknown owner

I would like to see some logs yes, AND why did you run these tools?

ie7 would redirect to msn when tryng to go to windows update
would try to remove what i thought was wrong in hijackthis but they would keep returning

Looking through both logs it is evident to me that severe damage has been done to the key system files of the computer. But not actually by combofix.
Though I stress again to ALL who may be reading this, combofix should NEVER be run without the first instruction to do so by a helper working with you on a forum such as this one. Combofix will NEVER or should NEVER be recommended as a "usual course of action" but ONLY in Specific and Special Circumstances. Never use this tool on your own. Never use and OLD copy of combofix, it is updated frequently. Once combofix has been used on a machine it then should be REMOVED following the instructions given by the person helping you.

The files removed by combofix IN THIS PARTICULAR CASE, and EACH CASE IS DIFFERENT, were all related to the Haxgen Trojan, also the Goldun.Fam rootkit, Haxdoor rootkit. and many others. Very dangerous infections. Goldun.Fam is a family of Trojan horse programs that steals users' information entered for authentication on e-gold online web forms. The Haxdoor rootkit has spying capabilities and according to reports, it has been used to steal bank-related information, logins and passwords for online bank accounts, and other personal information.
You also had the Backdoor.Win32.SdBot which is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-DPG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-DPG includes functionality to access the internet and communicate with a remote server via HTTP.
While it may SEEM the computer is not online, don't take a chance, UNPLUG the internet cord from the computer immediately.

Go through that list of removed files in the combofix log and each and every one was connected to one of these infections noted above. Where were they All located? In System32. You've got to have System32 working in order for your computer to run properly, so with all of these files infected it obviously wasn't. Virtually the entire System32 was affected and INFECTED.
Yes, the problems you have now are "somewhat" because of the removals by combofix, BUT they were removed because really your entire System32 was totally infected by these invaders and it did what it was designed to do, remove serious infections. I doubt that anything could have fixed this.

I MUST say something here I rarely say, the best thing for you to do is wipe the drive and reinstall.
Your system was severely compromised BEFORE you ran combofix.

Please also take note of KEY Phrases in the description of all of these trojans, worms and rootkits noted above:
steals users' information, steals bank-related information, logins and passwords for online bank accounts, and other information.

Before you do ANYTHING with the computer itself you need to call ALL of the companies you have done business with online, credit card companies , banks, insurance companies, EVERYBODY YOU HAVE DONE ONLINE BUSINESS WITH IN RECENT MONTHS. You need to talk to a real person, don't do it via email, explain what has happened and let them know what has happened. You very possibly will have to change credit card numbers, bank account numbers, anything important. This really is even much worse than if somebody had stolen your wallet from your pocket with all your important information in it, because once this information is obtained online then it is USED online, the thief doesn't have to go from store to store or bank to bank on foot, he does it from the comfort of his own computer desk and much faster.

I cannot tell exactly from the combofix log what it was that may have brought these things onto the computer though the Trojan.Flush.M Trojan came onto the computer on November 22nd, it seems to have been the only one created on that date and what it does is that it impacts network traffic with Address Resolution Protocol (ARP) requests and lowers security settings. The only ones I see right before are Auslogics, (excellent programs so I would likely rule this out). I don't know these others, Evernote, SwordSearcher 4 and Discover. Then there were a large number of installs on December 2nd all of which seem to have to do with a mobile phone.
Don't know if this helps you track down where these infections may have come from but I thought it might help once you get your system up and running again.
I am sorry to say, but total reformat and reload is my best advice.
Judy

Looking through both logs it is evident to me that severe damage has been done to the key system files of the computer. But not actually by combofix.
Though I stress again to ALL who may be reading this, combofix should NEVER be run without the first instruction to do so by a helper working with you on a forum such as this one. Combofix will NEVER or should NEVER be recommended as a "usual course of action" but ONLY in Specific and Special Circumstances. Never use this tool on your own. Never use and OLD copy of combofix, it is updated frequently. Once combofix has been used on a machine it then should be REMOVED following the instructions given by the person helping you.

The files removed by combofix IN THIS PARTICULAR CASE, and EACH CASE IS DIFFERENT, were all related to the Haxgen Trojan, also the Goldun.Fam rootkit, Haxdoor rootkit. and many others. Very dangerous infections. Goldun.Fam is a family of Trojan horse programs that steals users' information entered for authentication on e-gold online web forms. The Haxdoor rootkit has spying capabilities and according to reports, it has been used to steal bank-related information, logins and passwords for online bank accounts, and other personal information.
You also had the Backdoor.Win32.SdBot which is a worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-DPG runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-DPG includes functionality to access the internet and communicate with a remote server via HTTP.
While it may SEEM the computer is not online, don't take a chance, UNPLUG the internet cord from the computer immediately.

Go through that list of removed files in the combofix log and each and every one was connected to one of these infections noted above. Where were they All located? In System32. You've got to have System32 working in order for your computer to run properly, so with all of these files infected it obviously wasn't. Virtually the entire System32 was affected and INFECTED.
Yes, the problems you have now are "somewhat" because of the removals by combofix, BUT they were removed because really your entire System32 was totally infected by these invaders and it did what it was designed to do, remove serious infections. I doubt that anything could have fixed this.

I MUST say something here I rarely say, the best thing for you to do is wipe the drive and reinstall.
Your system was severely compromised BEFORE you ran combofix.

Please also take note of KEY Phrases in the description of all of these trojans, worms and rootkits noted above:
steals users' information, steals bank-related information, logins and passwords for online bank accounts, and other information.

Before you do ANYTHING with the computer itself you need to call ALL of the companies you have done business with online, credit card companies , banks, insurance companies, EVERYBODY YOU HAVE DONE ONLINE BUSINESS WITH IN RECENT MONTHS. You need to talk to a real person, don't do it via email, explain what has happened and let them know what has happened. You very possibly will have to change credit card numbers, bank account numbers, anything important. This really is even much worse than if somebody had stolen your wallet from your pocket with all your important information in it, because once this information is obtained online then it is USED online, the thief doesn't have to go from store to store or bank to bank on foot, he does it from the comfort of his own computer desk and much faster.

I cannot tell exactly from the combofix log what it was that may have brought these things onto the computer though the Trojan.Flush.M Trojan came onto the computer on November 22nd, it seems to have been the only one created on that date and what it does is that it impacts network traffic with Address Resolution Protocol (ARP) requests and lowers security settings. The only ones I see right before are Auslogics, (excellent programs so I would likely rule this out). I don't know these others, Evernote, SwordSearcher 4 and Discover. Then there were a large number of installs on December 2nd all of which seem to have to do with a mobile phone.
Don't know if this helps you track down where these infections may have come from but I thought it might help once you get your system up and running again.
I am sorry to say, but total reformat and reload is my best advice.
Judy

thank you very much for all of your help in this matter
will format and reinstall.

Sorry I couldn't give some better advice but just think it would save you the headache of trying to fix each and every part of the os. Easier to do it all in one step.
Judy